Scdeny

Name of the Vulnerable Software and Affected Versions: OpenCV versions 3.3 and earlier Description: The issue is related to a buffer overflow in the `modules/imgcodecs/src/grfmt pxm.cpp` component of the OpenCV library. This can lead to remote code execution or denial of service if the image is from a remote source. The vulnerability may allow an attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted file. Recommendations: For OpenCV versions 3.3 and earlier, consider disabling the `grfmt pxm.cpp` module until a patch is available to prevent potential buffer overflow exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OpenCV versions 3.3 and earlier Description: The issue is related to an integer overflow in the `PxMDecoder::readData` function in `opencv/modules/imgcodecs/src/grfmt pxm.cpp`. This can lead to remote code execution or denial of service if the image is from a remote source. The vulnerability may allow an attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted file. Recommendations: For OpenCV versions 3.3 and earlier, consider disabling the `PxMDecoder::readData` function until a patch is available to prevent potential remote code execution or denial of service. Restrict access to remote images to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OpenCV versions 3.3 and earlier Description: The issue is related to an integer overflow in the `ReadNumber` function in `opencv/modules/imgcodecs/src/grfmt pxm.cpp`. This can lead to remote code execution or denial of service if the image is from a remote source. The vulnerability may allow an attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted file. Recommendations: For OpenCV versions 3.3 and earlier, consider disabling the `ReadNumber` function in `opencv/modules/imgcodecs/src/grfmt pxm.cpp` as a temporary workaround until a patch is available. Restrict access to remote images to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.